SDL Episode80

From Paul's Security Weekly
Jump to: navigation, search

Secure Digital Life #80

Recorded on September 18, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Coming soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • DerbyCon is holding its first-ever Mental Health & Wellness Workshop - to help support their efforts, please go to DerbyCon.com/wellness
    • Join us for our Webcast with LogRhythm about "Tips & Tricks for Defending the Enterprise Using Open Source Tools". The webcast will be held September 27 @3:00PM EST!

    Topic: Code & Languages


    To code or not to code...

    The first commercially available programming language was called FORTRAN (formula translator) and it was a long lived beast that started in 1956. I learned FORTRAN II in 1977 and FORTRAN 77 in 1981 but look Ada Lovelace wrote a translation about Babbage's Analytics Engine in the 19th Century so people have been thinking about it for a long time.

    Other Kudos: Grace Hopper (designed Flow-Matic in the 50s, that became what was called COBOL (still in use today sometimes). McCarthy invented LISP in 1956 (that's still around). You could go on and on and people did, for years. New languages are still being brought online today.

    The lowest levels of coding are called machine language. That was written in binary and is essentially just direct processor instructions which access memory locations in the CPU directly. Ultimately, everything is just machine code but that stuff is really hard to write and read.

    Assembler is a little higher (but is still called a low level language), These are what the machine code is written in for humans.

    Today, we mostly see three groups of code type:

    • Low level languages (Assembler)
    • High Level compiled Languages
    • High Level Parsed Languages
    • Web Based Languages



    So, first a compiler is a tool which takes instructions written in some language and first adds in libraries and such, allocates memory to the instructions, and then compiles an executable file which can be run. These can be both architecture specific and architecture independent files depending on how they are developed.

    An IDE is an interface which is used to develop the code. You need one of these since it will help you edit and put the code together when you are a beginner (or when you are an expert). You don't have to use an IDE but it sure makes things simpler when you are starting out.

    An API is a library. A collection of subroutines or pre written instructions that you can use in your code. Someone else wrote them already so you can just use them. Note: Be careful if you are writing commercial code that your API license allows you to do that. If you don't read your license and you write the next Facebook, suddenly you may find someone else owns it and you are left with nothing. Remember, lawyers don't care about you when you are coding in the basement but when you suddenly have a valuable product you put together, all of sudden everyone cares, A LOT.

    Web languages are designed to be executed inside a browser window which is a piece of executable code in and of itself.

    So, what are the most popular languages in use today:

    • Java. Java has been around a while and is very versatile. It is supposedly "platform independent" and as such means you can build java code that will run anywhere anytime. It's really portable so you can write java code on a phone or on a server and get similar results. J++ and J# are other derivative versions of Java.
    • C/C++. Far better than java (just kidding) and has been around forever. C is just the sort supreme being of languages at this point. A lot of libraries (APIs) are written in C even if they are used in other languages. Even compilers can be written in C. It's harder to use sometimes for beginners since it is not very visually friendly but it's fast and it's widespread. I usually tell people there is probably nothing you can't do with C, and I stand by that.
    • C# is the microsoft version of C and has a lot of other api stuff embedded in it. Visual Studio is the microsoft IDE which is used for development and your school may allow you to acquire it from them cheap.



    How about a popular parsed language?

    • Python. Python is a parsed language but it's really powerful and fun. It can be used as a back end on web servers so it's a good way to develop applications which need to be enacted on the server side. It is parsed though which means your code can be scrutinized or even copied pretty easily (although compiled languages can be decompiled and stolen too. I really like python, it's like C without all the challenges.



    SQL -- Structured Query Language

    You pretty much have to learn this at some point. The reason, well, if you want to use a database to store your information (and you do) instead of text files (flat files) you have to have a way to talk to the database itself. SQL is a standardized way to do that even if you are writing your application in PhP. You still store your data and retreive information with SQL calls embedded in your RUBY/C/Java/Php/Python code. Otherwise, your data is stuck in 1970.

    - We could then list languages for the rest of the day and still never list all the languages that exist and have existed since the 1940s. Basically, you need to make some assessments about your skill set.

    1. Look at the jobs you are interested in doing/getting out in the industry. Do they mostly say C or RUBY or PhP? Make a list and see how many times each one occurs.
    2. What level of programming are the jobs seeking, expert, beginner? Do they "preferred" or "required". If they say expert or required, they expect you are going to be well versed and most likely give you a test at the interview to see how well you do.
    3. Computer science is much more focused on programming then is something like Cybersecurity but you need to have some programming chops in your backpack if you want to be viable. Pretty much everyone expects you can at least "script" which means you know how to use Python or BASH or something to put together code to do basic tasks. Application development means you are expected to be involved (usually in a team) to put together working tools or whatever in the language they list.
    4. Learn an easy language that's fun first. I love Ruby and Python. Ruby in particular is fun since you can write graphics code so easily using gifs and jpgs to fake the graphic parts. It's a great way to code up some simple games and learn to code without getting too deep into weird syntax.
    5. Write a lot of code. Just think up things and code them. Games, tools, whatever, and you can solve all these things.



    Interlude:
    But DOUG!, I don't have millions of dollars to buy my own mainframe computer and license a compiler for 25000 a month from IBM. Well, don't worry, it's not 1980 anymore. Today, you can use Virtual box and get tools for free. Everything above I mentioned will run on Linux and you can just install the compiler and you're off. Seriously, every language I listed is free and you can even get free classes online to learn this stuff. Basically, after you write a few simple programs, it's a matter of saying "ok, so how can I make the dice roll on the screen?" Use google and get code examples. Make mistakes, break things, and fix them and you will be a great coder.

    1. When you feel pretty good about that first language, maybe add another one (at least basic). You will find that if you can do one, you can pretty quickly learn another just by coding and looking up the rules.



    What do I recommend:

    • Well, Python and C++ are what I teach.
    • Ruby and C++ are a good combo



    Get Virtual Box, Mint Linux, Code::Blocks IDE, you can install almost any compiler right there. Or you can write web code in PhP. But, any language is a good language and will build your skills. Taking courses is great and helps you be better, more professional coder but the more you practice, the better you will be and the easier the classes will be too.